Total: 9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0735 | 1 Ibm | 1 Rational Appscan | 2017-08-28 | 7.6 HIGH | N/A |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI. | |||||
CVE-2012-0738 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2017-08-28 | 5.8 MEDIUM | N/A |
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | |||||
CVE-2012-0736 | 1 Ibm | 1 Rational Appscan | 2017-08-28 | 9.3 HIGH | N/A |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
CVE-2012-0741 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2017-08-28 | 5.8 MEDIUM | N/A |
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | |||||
CVE-2012-0862 | 1 Xinetd | 1 Xinetd | 2017-08-28 | 4.3 MEDIUM | N/A |
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. | |||||
CVE-2012-0703 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Information Services Framework | 2017-08-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2012-0960 | 1 Ps Project Management Team | 1 Unity-firefox-extension | 2017-08-28 | 7.5 HIGH | N/A |
Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request. | |||||
CVE-2012-0992 | 1 Openemr | 1 Openemr | 2017-08-28 | 8.5 HIGH | N/A |
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. | |||||
CVE-2012-1010 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2017-08-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2012-1023 | 1 4homepages | 1 4images | 2017-08-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. | |||||
CVE-2012-1108 | 1 Scott Wheeler | 1 Taglib | 2017-08-28 | 4.3 MEDIUM | N/A |
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. | |||||
CVE-2012-1198 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2017-08-28 | 7.5 HIGH | N/A |
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action. | |||||
CVE-2012-1783 | 1 Saurabh Gupta | 1 Tiny Server | 2017-08-28 | 7.8 HIGH | N/A |
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number. | |||||
CVE-2012-1785 | 2 Kylegilman, Wordpress | 2 Video Embed & Thumbnail Generator, Wordpress | 2017-08-28 | 7.5 HIGH | N/A |
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2012-2118 | 1 X.org | 1 X11 | 2017-08-28 | 10.0 HIGH | N/A |
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. | |||||
CVE-2012-2159 | 1 Ibm | 2 Security Appscan Source, Spss Data Collection | 2017-08-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2012-2191 | 1 Ibm | 3 Global Security Kit, Rational Directory Server, Tivoli Directory Server | 2017-08-28 | 5.0 MEDIUM | N/A |
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333. | |||||
CVE-2012-2241 | 1 Devscripts Devel Team | 1 Devscripts | 2017-08-28 | 5.0 MEDIUM | N/A |
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. | |||||
CVE-2012-2246 | 1 Mahara | 1 Mahara | 2017-08-28 | 6.8 MEDIUM | N/A |
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php. | |||||
CVE-2012-2251 | 3 Debian, Fedoraproject, Pizzashack | 3 Debian Linux, Fedora, Rssh | 2017-08-28 | 4.4 MEDIUM | N/A |
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. |